znc: CVE-2013-2130: NULL pointer dereference vulnerabilities

Related Vulnerabilities: CVE-2013-2130  

Debian Bug report logs - #720632

Package: znc; Maintainer for znc is Patrick Matthäi <pmatthaei@debian.org>; Source for znc is src:znc.

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Sat, 24 Aug 2013 07:39:01 UTC

Severity: important

Tags: patch, security, upstream

Found in version znc/1.0-4

Fixed in version znc/1.0-5

Done: Patrick Matthäi <pmatthaei@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Patrick Matthäi <pmatthaei@debian.org>:
Bug#720632; Package znc. (Sat, 24 Aug 2013 07:39:05 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Patrick Matthäi <pmatthaei@debian.org>. (Sat, 24 Aug 2013 07:39:05 GMT).


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: znc: CVE-2013-2130: NULL pointer dereference vulnerabilities
Date: Sat, 24 Aug 2013 09:37:38 +0200
Package: znc
Version: 1.0-4
Severity: important
Tags: security upstream patch

Hi,

the following vulnerability was published for znc.

CVE-2013-2130[0]:
null pointer dereference in webadmin

See references for additional information and a patch. This only
affects znc 1.0.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://security-tracker.debian.org/tracker/CVE-2013-2130
[1] https://github.com/znc/znc/commit/2bd410ee5570cea127233f1133ea22f25174eb28
[2] http://www.openwall.com/lists/oss-security/2013/05/30/3

Regards,
Salvatore



Reply sent to Patrick Matthäi <pmatthaei@debian.org>:
You have taken responsibility. (Mon, 26 Aug 2013 09:51:24 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Mon, 26 Aug 2013 09:51:24 GMT).


Message #10 received at 720632-close@bugs.debian.org:

From: Patrick Matthäi <pmatthaei@debian.org>
To: 720632-close@bugs.debian.org
Subject: Bug#720632: fixed in znc 1.0-5
Date: Mon, 26 Aug 2013 09:49:26 +0000
Source: znc
Source-Version: 1.0-5

We believe that the bug you reported is fixed in the latest version of
znc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 720632@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Patrick Matthäi <pmatthaei@debian.org> (supplier of updated znc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Mon, 26 Aug 2013 11:21:18 +0200
Source: znc
Binary: znc znc-extra znc-dbg znc-dev znc-perl znc-python znc-tcl
Architecture: source amd64
Version: 1.0-5
Distribution: unstable
Urgency: medium
Maintainer: Patrick Matthäi <pmatthaei@debian.org>
Changed-By: Patrick Matthäi <pmatthaei@debian.org>
Description: 
 znc        - advanced modular IRC bouncer
 znc-dbg    - advanced modular IRC bouncer (debugging symbols)
 znc-dev    - advanced modular IRC bouncer (development headers)
 znc-extra  - extra modules for znc
 znc-perl   - advanced modular IRC bouncer (Perl extension)
 znc-python - advanced modular IRC bouncer (Python extension)
 znc-tcl    - advanced modular IRC bouncer (Tcl extension)
Closes: 720632
Changes: 
 znc (1.0-5) unstable; urgency=medium
 .
   * Add upstream patch 02-CVE-2013-2130 to fix a NULL pointer dereference in
     the webadmin module as described in CVE-2013-2130.
     Closes: #720632
   * Remove deprecated dh_pysupport.
   * Remove unused hardening-no-fortify-functions lintian overrides.
   * Add some lintian overrides for false positive spelling errors.
   * Remove both .pyc files and hope that the Python module is still working.
   * Limit dh_python3 to package znc-python. This helper is doing some really
     strange things.
   * Remove python:Depends.




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 06 Oct 2013 07:29:32 GMT).



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:23:35 2019; Machine Name: buxtehude